Microsoft 365 is the backbone of email, files, and collaboration for a huge share of New Zealand businesses, but most organisations are only using a fraction of what they’re already paying for, and more than a few assume it’s protected in ways it actually isn’t. Here’s what’s worth checking.

  1. Confirm your licensing actually matches how your team works. It’s common to find a business paying for a higher-tier plan than most staff need, or missing security features that are only included in a slightly different bundle. A quick licence review every year or so often pays for itself.
  2. Turn on conditional access and MFA properly, not just for a few accounts. Microsoft 365’s built-in security tools can restrict sign-ins by location, device, or risk level, but only if they’re configured. Left on defaults, many of the strongest protections are effectively switched off.
  3. Don’t assume Microsoft backs up your data for you. Microsoft 365 is built for uptime and redundancy, not long-term backup and recovery. Deleted mailboxes, files, and SharePoint sites can fall outside what Microsoft retains once a retention window passes. A separate, independent backup of your Microsoft 365 data is one of the most overlooked gaps we see.
  4. Use Teams and SharePoint deliberately, not accidentally. Many businesses end up with sprawling, duplicated files across Teams, SharePoint, and OneDrive simply because there was never an agreed structure. A simple, documented approach to where documents live saves hours of searching and reduces the risk of sensitive files ending up somewhere they shouldn’t.
  5. Review who has access every few months. Staff change roles, contractors finish projects, and access doesn’t always get cleaned up afterwards. Regular access reviews are a small task that meaningfully reduces risk over time.

Microsoft 365 can be an excellent platform when it’s configured with your business in mind, rather than left on out-of-the-box defaults. If you’re not sure whether your current setup already covers all of this, that’s a conversation worth having with whoever manages your IT, whether that’s an in-house person or a managed partner like us. While you’re at it, it’s worth reviewing our guide to cybersecurity basics every growing NZ business should have in place.

author avatar
Alan Jennings